From 8c4521af032d5d34cd47b2f2bb50885ed2d63332 Mon Sep 17 00:00:00 2001
From: Sergey Lyubka <valenok@gmail.com>
Date: Sat, 23 Nov 2013 07:46:11 +0000
Subject: [PATCH] moved remove_double_dots_and_double_slashes() to string.c
---
build/src/mongoose.c | 23 ----------------------
build/src/string.c | 23 ++++++++++++++++++++++
mongoose.c | 46 ++++++++++++++++++++++----------------------
3 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/build/src/mongoose.c b/build/src/mongoose.c
index 0505f16d9..c9d845c75 100644
--- a/build/src/mongoose.c
+++ b/build/src/mongoose.c
@@ -503,29 +503,6 @@ static int get_request_len(const char *buf, int buf_len) {
return 0;
}
-// Protect against directory disclosure attack by removing '..',
-// excessive '/' and '\' characters
-static void remove_double_dots_and_double_slashes(char *s) {
- char *p = s;
-
- while (*s != '\0') {
- *p++ = *s++;
- if (s[-1] == '/' || s[-1] == '\\') {
- // Skip all following slashes, backslashes and double-dots
- while (s[0] != '\0') {
- if (s[0] == '/' || s[0] == '\\') {
- s++;
- } else if (s[0] == '.' && s[1] == '.') {
- s += 2;
- } else {
- break;
- }
- }
- }
- }
- *p = '\0';
-}
-
static const struct {
const char *extension;
size_t ext_len;
diff --git a/build/src/string.c b/build/src/string.c
index 226d8f363..ea2491e5a 100644
--- a/build/src/string.c
+++ b/build/src/string.c
@@ -243,3 +243,26 @@ static int match_prefix(const char *pattern, int pattern_len, const char *str) {
return j;
}
+// Protect against directory disclosure attack by removing '..',
+// excessive '/' and '\' characters
+static void remove_double_dots_and_double_slashes(char *s) {
+ char *p = s;
+
+ while (*s != '\0') {
+ *p++ = *s++;
+ if (s[-1] == '/' || s[-1] == '\\') {
+ // Skip all following slashes, backslashes and double-dots
+ while (s[0] != '\0') {
+ if (s[0] == '/' || s[0] == '\\') {
+ s++;
+ } else if (s[0] == '.' && s[1] == '.') {
+ s += 2;
+ } else {
+ break;
+ }
+ }
+ }
+ }
+ *p = '\0';
+}
+
diff --git a/mongoose.c b/mongoose.c
index 269c1e9e5..6649d35c5 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -726,6 +726,29 @@ static int match_prefix(const char *pattern, int pattern_len, const char *str) {
return j;
}
+// Protect against directory disclosure attack by removing '..',
+// excessive '/' and '\' characters
+static void remove_double_dots_and_double_slashes(char *s) {
+ char *p = s;
+
+ while (*s != '\0') {
+ *p++ = *s++;
+ if (s[-1] == '/' || s[-1] == '\\') {
+ // Skip all following slashes, backslashes and double-dots
+ while (s[0] != '\0') {
+ if (s[0] == '/' || s[0] == '\\') {
+ s++;
+ } else if (s[0] == '.' && s[1] == '.') {
+ s += 2;
+ } else {
+ break;
+ }
+ }
+ }
+ }
+ *p = '\0';
+}
+
static const char *month_names[] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
@@ -2673,29 +2696,6 @@ static int get_request_len(const char *buf, int buf_len) {
return 0;
}
-// Protect against directory disclosure attack by removing '..',
-// excessive '/' and '\' characters
-static void remove_double_dots_and_double_slashes(char *s) {
- char *p = s;
-
- while (*s != '\0') {
- *p++ = *s++;
- if (s[-1] == '/' || s[-1] == '\\') {
- // Skip all following slashes, backslashes and double-dots
- while (s[0] != '\0') {
- if (s[0] == '/' || s[0] == '\\') {
- s++;
- } else if (s[0] == '.' && s[1] == '.') {
- s += 2;
- } else {
- break;
- }
- }
- }
- }
- *p = '\0';
-}
-
static const struct {
const char *extension;
size_t ext_len;
--
GitLab